Thread: Security warning
-
20th November 2008, 05:31 PM #1
Security warning
Need help deciphering this message.
Windows XP SP3
IE7
Just recently when I open a new tab in IE7 this warning comes up (see attachment). It looks dodgy to me so I just click Cancel and go to the site I want.
I've scanned the machine with AVG, Adaware and Spybot and they found nothing.
What action do I need to take here, as this message has never come until yesterday?
To grow old is inevitable.... To grow up is optional
Confidence, the feeling you have before you fully understand the situation.
What could possibly go wrong.
-
20th November 2008, 06:33 PM #2
Anything related to that Antivirus 2008 is NASTY.
It gets downloaded onto your machine from various hijacked websites and is a REAL PAIN to get rid of.
It's a bogus antivirus program that installs, then wants you to pay money to get rid of its bogus messages. I've had it totally trash a couple of customers' machines (format and reload Windows).
Hopefully you dodged the bullet,
If anyone else sees it come up - CLOSE IT.
Ian
-
20th November 2008, 08:10 PM #3
As Ian said, WAV 2K8 is a nasty, nasty trojan.
I've also had the misfortune of having to remove it from others' systems and I'm really not looking forward to doing it again... but I probably will.
- Andy Mc
-
20th November 2008, 08:17 PM #4
Last edited by Grumpy John; 20th November 2008 at 08:17 PM. Reason: Typo
-
20th November 2008, 08:29 PM #5
Andy, does this look genuine to you, I'm paranoid about doing more damage?
http://www.technibble.com/how-to-rem...om-w32myzorfk/
-
20th November 2008, 08:30 PM #6
I dunno 'bout that one, but this is the process I've followed (I do it manually):
http://www.removal-instructions.com/...virus2008.html
- Andy Mc
-
20th November 2008, 08:34 PM #7
-
20th November 2008, 08:44 PM #8
Honestly - with some of those deeply embedded virii - it's less hassle to just save your important stuff and do a nuke from orbit re-install. Means you are not plagued by 'did I get rid of all of it' thoughts!
-
20th November 2008, 08:50 PM #9
All I can offer is this list of files, etc. that I've compiled to help me crack this mongrel.
First thing, I use the Task manager to disable any and all of these processes:
- %program_files%/xpantivirus/xpantivirusupdate.exe
- xpantivirus.exe
- download.exe
- %program_files%/xpantivirus/sysbackup/ntoskrnl.exe
- install_xp.exe
- %program_files%/xpantivirus/sysbackup/ntoskrnl.exe.md5
- %program_files%/xpantivirus/sysbackup/explorer.exe.md5
- %program_files%/xpantivirus/unins000.exe
- xpantivirusupdate.exe
- %program_files%/xpantivirus/sysbackup/explorer.exe
- %program_files%/xpantivirus/xpantivirus.exe
- %program_files%/xpantivirus/xpantivirus.exe.MD5
..and then delete these DLLs:
- %program_files%/xpantivirus/sysbackup/wininet.dll
- %program_files%/xpantivirus/sysbackup/shlwapi.dll.md5
- %program_files%/xpantivirus/sysbackup/shlwapi.dll
- %program_files%/xpantivirus/sysbackup/wininet.dll.md5
...and these program files:
- %program_files%/xpantivirus/xpantivirus.url
- %program_files%/xpantivirus/xpantivirus_log.txt
- %program_files%/xpantivirus/unins000.dat
- xpantivirus.lnk
- xpantivirus.url
- %program_files%/xpantivirus/backup.lst
- %program_files%/xpantivirus/helper.sys
- %program_files%/xpantivirus/pn.cfg
- %program_files%/xpantivirus/ver.dat
- %program_files%/xpantivirus/whitelist.cfg
- %program_files%/xpantivirus/spyware.dat
- %common_programs%/xp antivirus/uninstall xpantivirus.lnk
- %common_programs%/xp antivirus/xpantivirus on the web.lnk
- %common_programs%/xp antivirus/xpantivirus.lnk
- %desktopdirectory%/xpantivirus.lnk
- %profile%/application data/microsoft/internet explorer/quick launch/xpantivirus.lnk
...and these folders:
- %program_files%/xpantivirus
- %program_files%/xpantivirus/sysbackup
- %common_programs%/xp antivirus
- %program_files%/xpantivirus/quarantine
...and then edit the Registry to remove these Keys:
...and if it's still there after all that work, spit the dummy!
I gather you're up to the dummy stage?
- Andy Mc
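A read-only check for the file and folder leftovers listed in the post above, as an added example that is not part of the original thread. The mapping of the `%program_files%`-style placeholders to Windows XP locations is an assumption, only a handful of the listed entries are included, and processes and Registry keys are not covered.

```python
import os
import re

# A few entries copied from the lists in the post above; the rest follow the same pattern.
INDICATORS = [
    "%program_files%/xpantivirus",
    "%program_files%/xpantivirus/xpantivirus.exe",
    "%program_files%/xpantivirus/sysbackup/wininet.dll",
    "%common_programs%/xp antivirus/xpantivirus.lnk",
    "%desktopdirectory%/xpantivirus.lnk",
    "%profile%/application data/microsoft/internet explorer/quick launch/xpantivirus.lnk",
    "install_xp.exe",  # bare name: the post gives no folder for it
]

def default_roots(env=os.environ):
    """Assumed mapping of the post's placeholders to Windows XP locations."""
    profile, allusers = env.get("USERPROFILE"), env.get("ALLUSERSPROFILE")
    return {
        "program_files": env.get("ProgramFiles"),
        "common_programs": allusers and os.path.join(allusers, "Start Menu", "Programs"),
        "desktopdirectory": profile and os.path.join(profile, "Desktop"),
        "profile": profile,
    }

TOKEN = re.compile(r"^%([a-z_]+)%/(.+)$")

def resolve(indicator, roots):
    """Return the real path for a placeholder entry, or None if it cannot be rooted."""
    m = TOKEN.match(indicator)
    if not m or not roots.get(m.group(1)):
        return None
    return os.path.join(roots[m.group(1)], *m.group(2).split("/"))

def audit(indicators, roots):
    """Nothing is deleted: entries are only sorted into present, absent and unchecked."""
    report = {"present": [], "absent": [], "unchecked": []}
    for item in dict.fromkeys(indicators):  # drop duplicate entries, keep order
        path = resolve(item, roots)
        if path is None:
            report["unchecked"].append(item)
        elif os.path.lexists(path):  # lexists also counts a shortcut whose target is gone
            report["present"].append(item)
        else:
            report["absent"].append(item)
    return report

if __name__ == "__main__":
    for status, items in audit(INDICATORS, default_roots()).items():
        for item in items:
            print(f"{status:9} {item}")
```

An entry reported as `absent` only shows that this particular path is gone; it says nothing about files the list does not name.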
-
20th November 2008, 08:55 PM #10
Ohh... %^@&#!! The formatting of that list is all up the crapper.
I've re-edited most of it, and what I haven't I'm sure you can work out.
- Andy Mc
-
20th November 2008, 09:26 PM #11
mmmmm - a full reinstall sounds quicker....
-
20th November 2008, 11:02 PM #12
Yup. That's the dummy spit stage.
Sadly, for some things it doesn't work without a full reformat as well.
- Andy Mc
-
21st November 2008, 08:37 AM #13
Main problem is that the thing seems to be re-written every few weeks, so any removal instructions or AV program is usually out of date. It also downloads other trojans, or is downloaded by other malware, so it's often not just a single infection. You remove one component, reboot and some other hidden trojan re-installs everything.
Lots of messing about in safe mode, or even with the hard disk out and slaved to a test machine.
Just bad news.
The ones I have cleaned I could probably have backed up the data and reloaded windows quicker.
Ian
-
21st November 2008, 09:36 AM #14
Last edited by Grumpy John; 21st November 2008 at 09:37 AM. Reason: Typo
-
21st November 2008, 11:03 AM #15
www.ubuntu.com
Install and never worry about a virus again